When someone says that a particular digital certificate (like an SSL cert) has been "signed with a key", what does that imply? Does that mean the certificate simply includes a key that should be used for further message exchanges? Does that mean that the cert itself is encrypted and can only be decrypted with that key? Does it imply something else? Thanks in advance.

3 Answers
3

Ideally, it means that someone looked at the certificate and decided that it is correct and legitimate. Once they've done that, they want to tell people "Hey, I've verified that this certificate is good. I trust it". To do this, they use their signing key to sign the certificate.

Now when someone gets the certificate they can see who signed the certificate. If they trust one of the signers, they can trust the certificate itself. This is the basis of Web Of Trust in PKI.

Certificate information. ("Identity" information about the user, such as name, user ID, and so on.)

One or more digital signatures.

Typically the "one or more digital signatures" part is done by listing a set of encrypted hashes of the certificate. So when you want to sign a certificate, you would compute the hash of the certificate, encrypt it using your private signing key, and add it to the list of digital signatures.

Thanks @Oleksi - but I think you misunderstand what my question was! You say "To do this, they use their signing key to sign the certificate." I don't understand what the "signing" part is!! Are they encrypting the cert with their signing key, or are they adding their signing key to the cert? Thanks again (and +1)!
–
zharvey Jun 28 '12 at 16:51

I think you mean Chain of Trust, not Web of Trust. If you read carefully, the link you posted says that Web of Trust is an alternative to, not a part of, PKI. en.wikipedia.org/wiki/Chain_of_trust
–
Hans 2 days ago

The data contained in the certificate itself is the TBSCertificate part: it binds the public key (subjectPublicKeyInfo) to an identifier (the subject), and various other attributes (extensions).

This is then combined with the signature to form a Certificate structure. The signature algorithm dictates how this should be done.

Essentially, a digest of TBSCertificate (typically SHA-1) is computed and then signed with the private key of the signer (the issuer in X.509 terms). The slightest modification of the TBSCertificate content should make the digest change, which should in turn invalidate the signature.

Using RSA keys, the signing of the digest using the private key is mathematically very similar to what would be done for encryption using the public key. This is not the same conceptually, though, and DSA doesn't have that reciprocity, for example.

The principle is the same for other types of certificates, although the structure may differ. Considering that PGP public keys are in fact certificates, you may be interested in these questions too:

When someone says that a particular digital certificate (like an SSL cert) has been "signed with a key", what does that imply?

It implies that the entity owning that key has vouched for the accuracy of the information in the certificate and has attached information to the certificate that permits that vouching to be verified.

Does that mean the certificate simply includes a key that should be used for further message exchanges?

No. Certificates only prove identity.

Does that mean that the cert itself is encrypted and can only be decrypted with that key?

No. There's no reason to encrypt certificates, they only contain public information.

Does it imply something else?

It implies that the owner of that key has vouched for the information in the certificate. For a typical SSL certificate, the information in the certificate is a binding between a public key and a common name.

For example, when you point your browser at https://www.amazon.com/, Amazon's server will send you a certificate. This certificate binds a particular public key to the name www.amazon.com. Your browser confirms three things to know it is talking to the real Amazon:

The server presented a certificate that was valid and signed by a key it trusts.

The certificate binds the identity "www.amazon.com".

The server proves it possesses the private key corresponding to the certificate.

So the purpose of the certificate signature is to put the signing agent's credibility behind the information in the certificate, which is fundamentally "this guy owns this key".
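Both the second answer's description (a digest of the TBSCertificate signed with the issuer's private key, invalidated by the slightest modification) and the third answer's three browser checks can be exercised in code. The Go program below is an added example written for this page, not code from any of the answerers. It uses only the standard library: it generates a throw-away CA and a leaf certificate for the constructed name www.example.com, verifies the CA's signature over the raw TBSCertificate bytes, flips one bit to show that the same signature no longer verifies, runs the chain-plus-hostname check, and stands in for the third check (proof of private-key possession) with a simple sign-a-challenge exchange instead of a full TLS handshake. The function names, the CA name and the challenge text are assumptions for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Chain is a throw-away CA plus one leaf it signed, all generated at run time.
type Chain struct {
	CA, Leaf       *x509.Certificate
	CAKey, LeafKey *ecdsa.PrivateKey
}

// BuildChain self-signs a CA certificate, then has the CA key sign a leaf that
// binds an unrelated public key to the constructed name www.example.com.
func BuildChain() *Chain {
	must := func(err error) {
		if err != nil {
			panic(err) // setup failure, not what the demo illustrates
		}
	}
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Test CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	// Self-signed root: the template is its own parent. CreateCertificate
	// DER-encodes the TBSCertificate, hashes it and signs with the parent key.
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	must(err)
	ca, err := x509.ParseCertificate(caDER)
	must(err)
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "www.example.com"},
		DNSNames:     []string{"www.example.com"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
	}
	// The leaf's TBSCertificate carries leafKey's PUBLIC key; caKey signs it.
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey)
	must(err)
	leaf, err := x509.ParseCertificate(leafDER)
	must(err)
	return &Chain{CA: ca, Leaf: leaf, CAKey: caKey, LeafKey: leafKey}
}

// SignatureValid verifies leaf.Signature over tbs with signer's public key.
func SignatureValid(signer, leaf *x509.Certificate, tbs []byte) bool {
	return signer.CheckSignature(leaf.SignatureAlgorithm, tbs, leaf.Signature) == nil
}

// TamperedTBS copies the leaf's TBSCertificate and flips one bit of it.
func TamperedTBS(leaf *x509.Certificate) []byte {
	tbs := append([]byte(nil), leaf.RawTBSCertificate...)
	tbs[len(tbs)-1] ^= 0x01
	return tbs
}

// ChainValidForName is the browser's first two checks: the leaf chains to a
// trusted root (here only the throw-away CA) and binds the expected host name.
func ChainValidForName(c *Chain, name string) bool {
	roots := x509.NewCertPool()
	roots.AddCert(c.CA)
	_, err := c.Leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: name})
	return err == nil
}

// ProvesKeyPossession is a simplified third check: the server signs a fresh
// client challenge with serverKey and the client verifies that signature with
// the public key inside the certificate (TLS signs handshake data instead).
func ProvesKeyPossession(c *Chain, serverKey *ecdsa.PrivateKey, challenge []byte) bool {
	digest := sha256.Sum256(challenge)
	sig, err := ecdsa.SignASN1(rand.Reader, serverKey, digest[:])
	if err != nil {
		return false
	}
	pub, ok := c.Leaf.PublicKey.(*ecdsa.PublicKey)
	return ok && ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	c := BuildChain()
	fmt.Println("valid:", SignatureValid(c.CA, c.Leaf, c.Leaf.RawTBSCertificate), "tampered:", SignatureValid(c.CA, c.Leaf, TamperedTBS(c.Leaf)),
		"name ok:", ChainValidForName(c, "www.example.com"), "possession:", ProvesKeyPossession(c, c.LeafKey, []byte("constructed challenge")))
}
```

Run with `go run`; it prints that the issuer's signature is valid, that it is invalid after the one-bit edit, that the chain verifies for www.example.com, and that the leaf key answers the challenge. Two negative cases are worth trying as well: verifying with the leaf's own certificate in place of the CA's fails, because the key inside the certificate is not the key that signed it, and asking the CA key to answer the challenge fails, because the CA vouched for the leaf's key but does not hold it. That is the whole content of "signed with a key": one specific public key (the issuer's) can check the signature, and the certificate is neither encrypted nor a key for later traffic.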